GHSA-V5C3-6WVC-PC2Q QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0

SSRF Filter Bypass via 0.0.0.0 Summary The SSRF protection introduced in v0.9.0.5 CVE-2025-59146 and hardened in v0.9.6 CVE-2025-62155 does not block the unspecified address 0.0.0.0. A regular non-admin user holding any valid API token can send a multimodal request to /v1/chat/completions,...

CVE-2025-57814 request-filtering-agent SSRF Bypass via HTTPS Requests

request-filtering-agent is an https.Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. This allows attackers to...

GHSA-PW25-C82R-75MM request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1

request-filtering-agent versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked. Impact: Vulnerable patterns requests that should be blocked but are allowed: - https://127.0.0.1:443/api -...

CVE-2018-14730

An issue was discovered in Browserify-HMR. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR Hot Module Replacement. Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:3123/...